Security for wireless communication

ABSTRACT

A mobile terminal is disclosed which includes a near field or RF ID tag. The mobile terminal communicates with the mobile telecommunications network and is authenticated with that network using the SIM. The mobile terminal is operable to obtain security data from the user thereof, such as a PIN or biometric data, or the mobile terminal incorporates a sensor such as a light sensor, pressure sensor, heat sensor, skin resistant sensor or inertial sensor. The input device or sensor is used to confirm the identity of the user or to evaluate whether the user wishes to use the near field tag to make a payment or obtain entry to a building. Data from the sensor is passed to the SIM, which issues a command enabling the near field tag, via link. The near field tag may then be read by a reader. The near field tag may be automatically disabled after being read by the reader, after a predetermined time, or when the stimulus to the sensor is no longer present.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of, and claims priority to and thebenefit of, U.S. patent application Ser. No. 11/816,263 filed on Aug.14, 2007 and entitled “SECURITY FOR WIRELESS COMMUNICATION,” whichclaims priority to PCT/GB2005/000538 filed on Feb. 15, 2005 and entitled“IMPROVED SECURITY FOR WIRELESS COMMUNICATION, both of which are herebyexpressly incorporated herein by this reference in their entirety.

TECHNICAL FIELD

The present invention relates to apparatus for controlling use of a nearfield communication device, including smart card means associable with amobile telecommunications network for authenticating the smart cardmeans with the network, to a method of controlling use of a near fieldcommunication device and to a communication device including near fieldcommunication means.

BACKGROUND

Near field or RFID tags are known. Such tags may be incorporated intosmart cards or other devices for use in obtaining entry to buildings oras electronic tickets for use of public transport or toll fee payment.Although such tags typically have to be brought into close proximity(less than 20 centimeters) of a reader, it is possible for a reader toexchange information with the tag without the owner's permission.Sensitive data stored on the tag could be stolen or changed. The tag maytherefore participate in a sensitive or valuable transaction without theknowledge of the owner.

Known devices incorporating such tags may be provided with someprotection against such mis-use. For example, the RF link between thecard and the reader is of limited range, as discussed above. This shouldmean that the holder of the device incorporating the tag will be able tosee the reader. However, it is possible for specialist radio equipmentto extend the intended range within which communication between the tagand the reader can occur, and thereby exchange information with the tagwithout the owner's permission.

It is also known to encrypt the communication between the tag and thereader. Although encryption can be effective, it does not guard againstunauthorised communication with a rogue reader, such as a genuine readerthat has been stolen or a reader that has broken the encryptionalgorithm.

Another known but not widely used security precaution is to place thedevice including the tag in a metal or other enclosure that providesshielding to prevent RF access to the card. Although shielding iseffective, it is not user convenient as it requires the user to rememberto place the card in the shield. Further, if the user has severaldevices incorporating such tags, this can become even more inconvenient.

SUMMARY OF THE INVENTION

The present invention, in one aspect, seeks to provide additional orimproved security.

According to a first aspect of the present invention, there is providedapparatus for controlling use of a near field communication device,including smart card means associable with a mobile telecommunicationsnetwork for authenticating the smart card means with the network,wherein the smart card means is operable to receive from the mobiletelecommunications network data for controlling use of the near fieldcommunication device and is operable to selectively enable the nearfield communication device in dependence upon the data.

The invention also relates to a mobile telecommunications networkincluding such apparatus.

According to another aspect of the present invention, there is provideda method of controlling use of a near field communication device,including associating smart card means with a mobile telecommunicationsnetwork for authenticating the smart card means with the network,transmitting to the smart card means from the mobile telecommunicationsnetwork data for controlling use of the near field communication deviceand selectively enabling the near field communication device independence upon the data.

According to a further aspect of the present invention, there isprovided a communication device including near field communicationmeans; smart card means for authenticating the device with a mobiletelecommunications network; means for enabling the smart card to receivedata from the mobile telecommunications network to authenticate thedevice; and means for selectively enabling the near field communicationmeans in dependence upon the data received by the smart card.

According to a further aspect of the present invention, there isprovided a mobile telecommunication device for use with a mobiletelecommunications network and including a near field device, whereinthe mobile telecommunication device is operable to selectively enablethe near field communication device.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the present invention, embodiments willnow be described by way of example with reference to the accompanyingdrawings, in which:

FIG. 1 shows schematically the elements of a communications network.

FIG. 2 shows schematically a mobile terminal in accordance withembodiment of the invention;

FIG. 3 shows schematically a dongle in accordance with embodiment of theinvention;

FIGS. 4 to 8 show modified smart cards in accordance with embodiments ofthe invention; and

FIG. 9 shows a wallet for storing a smart card in accordance with theinvention.

In the drawings like elements are generally designated with the samereference number.

DETAILED DESCRIPTION

FIG. 1 shows schematically a network with which the invention may beused. Mobile terminal 1 is registered with GSM/GPRS or UMTS (3G) mobileor cellular telecommunications network 3. The mobile terminal 1 may be ahandheld mobile telephone, a personal digital assistant (PDA) or alaptop computer equipped with a datacard. The mobile terminal 1communicates wirelessly with mobile telecommunications network 3 via theradio access network (RAN) of the mobile telecommunications network 3,comprising, in the case of a UMTS network, base station (Node B) 5, andradio network controller (RNC) 7. Communications between the mobileterminal 1 and the mobile telecommunications network 3 are routed fromthe radio access network via GPRS support nodes (SGSN) 9, which may beconnected by a fixed (cable) link to the mobile telecommunicationsnetwork 3.

In the conventional manner, a multiplicity of other mobile terminals areregistered with the mobile telecommunications network 3. These mobileterminals include mobile terminals 11 and 13. The terminals 11 and 13communicate with the mobile telecommunications network 3 in a similarmanner to the terminal 1, that is via an appropriate Node B 5, RNC 7 andSGSN 9.

The mobile telecommunications network 3 includes a gateway GPRS supportnode (GGSN) 17 which enables IP-based communications with othernetworks, such as the Internet 19 via an appropriate link 21. Amultiplicity of terminals are connected to the Internet (by fixed orwireless links), and a PC terminal 23 and a PDA terminal 25 are shown byway of example.

Each of the mobile terminals 1,11 and 13 is provided with a respectivesmart card or subscriber identity module (SIM) 15. During themanufacturing process of each SIM, authentication information is storedthereon under the control of the mobile telecommunications network 3.The mobile telecommunications network 3 itself stores details of each ofthe SIMs issued under its control. In operation of the mobiletelecommunications network 3, a terminal 1, 11, 13 is authenticated (forexample, when the user activates the terminal in the network with a viewto making or receiving calls) by the network sending a challenge to theterminal 1,11,13 incorporating a SIM 15, in response to which the SIM 15calculates a reply (dependent on the predetermined information held onthe SIM—typically an authentication algorithm and a unique key Ki) andtransmits it back to the mobile telecommunications network 3. The mobiletelecommunications network 3 includes an authentication processor 17which generates the challenge and which receives the reply from theterminal 1,11,13. Using information pre-stored concerning the content ofthe relevant SIM 15, the authentication processor calculates theexpected value of the reply from the mobile terminal 1,11,13. If thereply received matches the expected calculated reply, the SIM 15 and theassociated mobile terminal are considered to be authenticated.

It should be understood that such an authentication process can beperformed for any terminal provided with a SIM 15 under control of themobile telecommunications network 3. In the embodiment the terminalcommunicates wirelessly with the mobile telecommunications network 3 viathe network's radio access network, although this is not essential. Forexample, the terminal may communicate with the network via the fixedtelephone network (PSTN), via a UMA “access point” and/or via theInternet. The PC 23 and the PDA 25 may also be provided with a SIM 15under the control of the network.

The SIM 15 used by the terminal 1,11,13,23,25 may be a SIM of the typedefined in the GSM or UMTS standards specifications, or may be asimulation of a SIM—that is, software or hardware that performs afunction corresponding to that of the SIM. The SIM may be in accordancewith the arrangement described in WO-A-2004 036513.

It should be noted that the authentication process being described doesnot necessarily authenticate the human identity of the user. Forexample, mobile telecommunication networks have pre-pay subscribers whoare issued with SIMs in return for pre-payment, enabling them to usenetwork services. However, the identity of such pre-pay subscribers maynot be known by the network. Nevertheless, such a user cannot make useof the network until the network has authenticated the user's SIM—thatis, has confirmed that such user is a particular user who has aparticular pre-paid account with a network.

The network shown in FIG. 1 comprises both the mobile telecommunicationsnetwork 3 and the Internet 19 (which itself comprises a multiplicity ofother networks).

In addition to performing authentication functions, the SIM 15 mayperform various other functions. For example, the SIM may store adirectory of the names and telephone numbers of people frequently calledby the user of the mobile terminal 1. Additionally, the SIM may storeinformation which controls how the mobile terminal 1 is allowed tointeract with the mobile telecommunications network 3. For example, theSIM may determine whether or not “roaming” of the mobile terminal 1 in avisited mobile telecommunications network is permitted.

The mobile telecommunications network 3 operator may wish to alter theinformation on a SIM 15, for example to introduce new services. In orderto allow such updating of the SIM 15 in a rapid and cost-effective way,over-the-air (OTA) updating technology has been developed.

The mobile telecommunications network 3 includes an OTA gateway 30 thattransforms updating messages from the network 3 into short messages (SMSmessages) to be sent to the SIM 15. The OTA gateway 30 sends the SMSmessage to a short message service centre (SMSC) 32, which thentransmits the short message to the relevant SIM 15 via the radio accessnetwork.

As indicated above, OTA updating is currently performed using the SMSbearer. However, it is also possible for the transport bearer to be CSDor GPRS. To perform OTA with CTS or GPRS bearer, CAT-TP/BIP orJ2ME/JSR#177 mechanisms could be used. References in this specificationto over-the-air updating includes references to updating by thesebearers or any other similar bearers.

The OTA gateway 30 receives service requests through a gateway API thatindicates the SIM that requires updating. The OTA gateway 30 includes adatabase including information about each SIM card associated with thenetwork 3, including the card manufacturer, the card's identificationnumber, the IMSI and the MSISDN. When card identification data isreceived by the OTA gateway 30, this database is used to address the OTAmessage to the relevant SIM. The OTA gateway 30 converts the servicerequest information into a format that can be processed by the targetSIM. The formatted message is sent to the SMSC 32, for example in themanner described in standards specification GSM 03.48 or TS 23.048. Inorder to perform the required update, a plurality of SMS messages may berequired because currently SMS messages are restricted to 160characters. The OTA gateway 30 is responsible for the integrity andsecurity of the updating process.

In addition to receiving OTA updating messages by SMS, mobile terminal 1is also capable of receiving conventional SMS messages—such as textmessages to be read by the user of the mobile terminal 1. In order todistinguish an OTA updating SMS from a conventional SMS message, the OTAupdating SMS message has its protocol identifier set to “SIM datadownload”. The message will include ENVELOPE or UPDATE RECORD commands.The GSM or 3G application running on the mobile terminal 1 receivesthese commands and calls the OTA layer. The OTA layer checks themessages according to standards specification GSM 03.48 or TS 23.04.Each secured packet in the messages may contain one or more APDUscommands dedicated to Remote File Management or Remote Applet Managementor SIM Tool Kit.

As shown in FIG. 2, mobile terminal 1 in accordance with the embodimentincludes, in addition to SIM 15, a display 34, keypad 37 and an antenna39 for communicating wirelessly with the mobile communications network3. Further, the mobile terminal 1 includes a near field or RFID tag 41.The near field tag 41 operates in the unregulated RF band of 13.56 MHzin this embodiment although other frequencies could be used. No licensesare required for the use of the near field devices in this RF band.However, each country imposes certain limitations on the electromagneticemissions in this RF band. Limitations mean that in practice thedistance at which the near field tag 41 can communicate with anotherdevice is typically less than 20 centimeters. Often the range ofcommunication is such that the RF tag 41 must touch or almost touch thedevice with which it is to communicate. Communication may be using theNear Field Communication Interface and Protocol (NFCIP-1).

The near field tag 41 may operate in accordance with ISO-IEC 14443 andISO-IEC 15693 standards. The tag 41 includes an inbuilt inductiveantenna that allows the card to exchange information with a tag readerwhen the two are brought into close proximity, as described above. Thereader may emit an RF signal to supply power to the tag to communicatewith it if the tag is “passive”. If the tag is “active” it will have apower supply and its operation is independently of the reader. The nearfield tag 41 may transmit selected information, such as an ID number (GUID).

In order to improve the security of the near field tag, in the presentembodiment it is proposed to use the SIM 15 of mobile terminal 1 tocontrol to some extent the operation of the near field tag 41. Theauthentication process of a SIM 15 with a mobile telecommunicationsnetwork, using the network's authentication processor 17 is consideredto be highly secure. In this embodiment, this authentication of the SIM15 is used to protect data held by the memory of the near field tag 41from unauthorised access.

According to an important feature of this embodiment, the near field tag41 is selectively enabled or disabled for communication with the readerunder control of the SIM 15, by means of communication link 43. By meansof the link 43, the SIM can enable or disable the near field tag 41 by,for example, rendering its antenna inoperative. In the disabled state, areader is not able to obtain any information from the near field tag 41,even when brought into close proximity thereto (within a range that, innormal circumstances, near field communication would be possible).

Conveniently, the SIM 15 is provided with data which controls operationof the near field tag 41 by receiving an OTA message, which is sent tothe mobile terminal 1 from the mobile telecommunications network 3 (viathe OTA gateway 30 and SMSC 32). As described above, the OTA updatemessage is received by the mobile terminal 1 and it is determined thatthis is an updating OTA update message rather than a conventional SMSmessage. The message is then passed to the SIM 15 for processing. Uponprocessing of the message, commands contained within that message areexecuted, causing the desired control of the RF tag 41 via the link 43.

In a first example, it is desired to only enable the near field tag 41to communicate with the reader when it is in the vicinity of the user'soffice (where entry is obtained using the near field tag 41). The SMSC32 may send an OTA update message to the node B 5 associated with thecell or group of cells in which the user's office is located. When themobile terminal 1 enters a cell in the group, the node B transmits theOTA message to the mobile terminal 1. The procedure described above isapplied, and the OTA message is passed to the SIM 15 and theinstructions therein are processed. A command is sent to the near fieldtag 41 via link 43 to activate the near field tag (for example, byallowing its antenna to communicate with the reader). When the mobileterminal 1 moves to a different cell, a command is sent from the SIM 15,via the link 43, to disable the near field tag 41. This command may beissued in response to a further OTA message being received from thenetwork 3 when the mobile terminal 1 moves to a different cell, ormovement to a different cell may be detected automatically by the SIM(or the mobile terminal 1) and used to generate an appropriate commandfor sending to the near field tag 41.

The near field tag 41 may be rendered completely inoperable when not inthe location of the cell of the user's office. Alternatively, the nearfield tag 41 may be partially disabled (for example, by rendering theantenna inoperable). In this partially disabled mode the tag 41 mayperform certain functions, such as allowing its codes or other data tobe reprogrammed.

In the second example, a user wishes to use the near field tag 41 of themobile terminal 1 to pay for travel by public transport (for example onthe London Underground), where entry barriers are equipped with asuitable near field tag reader. Because the commuter travels atparticular, consistent times of day, it is desirable to enable the nearfield tag 41 only at those times, in order to provide improved security.When so configured, if the mobile terminal 1 incorporating the nearfield tag 41 were stolen, the thief would not be able to pay for use ofpublic transport using the near field tag 41 outside the timesspecified.

The mobile telecommunications network 3 is configured to transmit an OTAmessage to the mobile terminal 1 at the beginning of the time periodduring which the commuter begins their normal journey. As before, thismessage is received and interpreted by the SIM, which sends aninstruction to enable the near field tag 41 via the link 43. The nearfield tag 41 is then able to communicate with readers to allow use ofpublic transport. At the end of the time period during which thecommuter completes their usual journey, a second OTA message is sent bythe network 3 to the mobile terminal 1. This OTA message is received andinterpreted by the SIM 15, and sends an appropriate deactivationinstruction to the RF tag 41 via the link 43. The near field tag 41 isthereafter not able to allow the user to obtain access to publictransport.

A similar arrangement could be used, for example, to enable a schoolchild to pay for their lunch using the near field tag 41. OTA messageswould be sent at the beginning and the end of the school lunch time sothat the near field tag 41 could only be used to make a payment duringthe appropriate time.

The times at which, and the circumstances in which, the OTA messages aresent by the mobile telecommunications network 3 to the user's SIM card15 may be set by the user of the mobile terminal 1. For example, theuser of the mobile terminal 1 may initiate a communication session (suchas a SIP communication session) with the mobile telecommunicationsnetwork 1 to configure the times or places in which the RF tag 41 shouldbe enabled. This updating process may require entry of a password, oremploy some other security mechanism, to prevent unauthorised personsfrom reconfiguring the times and/or locations at which the near fieldtag is rendered operable or inoperable. Alternatively, the user mayconfigure the times and/or locations at which the OTA messages are sentby some other mechanism—for example, by providing verbal instructions tothe operator of mobile telecommunications network 3 by a mobile or PSTNtelephone call, or by visiting the website of the mobiletelecommunications network operator (whether using the mobile terminal 1or independently thereof using a PC connected to the Internet).

Rather than the user of the mobile terminal 1 determining when/where theRF tag 41 is activated, this may be determined by the mobiletelecommunications network 3 or some other entity. For example, a schoolchild's parent may set the times during which the school child is ableto use their RF tag to make payments, in the example given aboverelating to paying for a school lunch. In the example given aboverelating to payment for public transport, the public transportationauthority may alternatively or additionally be able to control when OTAmessages are sent so that, if it is notified that the mobile terminal 1incorporating the near field tag 41 has been stolen, that authority canpermanently or temporarily deactivate the near field tag 41.

In an alternative embodiment, the SIM 15 activates and deactivates thetag in dependence upon whether the SIM is authenticated with the mobiletelecommunications network (using the authentication algorithm and theunique Ki in the manner described above).

Typically, when the mobile terminal 1 is powered up within the coveragearea of the mobile telecommunications network 3, the authenticationprocess between the SIM 15 and the authentication processor 17 of thenetwork 3 occurs automatically. When this authentication has beencompleted, a message is sent to the near field tag 41, via the link 43,to enable operation of the tag. When the SIM 15 is no longerauthenticated (for example, when the mobile terminal 1 is powered down),a further message is sent from the SIM 15 to the near field tag 41, viathe link 43, to deactivate the near field tag 41.

In the modification to this arrangement, the mobile terminal 1 does nothave to be always authenticated with the network 3 for the tag 41 to beenabled. However, the tag 41 is configured so that it is only enabledwhen it receives messages from the SIM 15 indicating that the SIM 15 hasbeen authenticated at predetermined times or events—for example, once aday or on powering on/off of the mobile terminal 1. Such an embodimentis advantageous because, if the mobile terminal 1 is stolen, both theSIM 15 and the near field tag 41 can be disabled together by sending asingle OTA message.

In another embodiment of the invention, the mobile terminal and/or nearfield tag 41 is provided with means for disabling the tag 41 withoutrequiring communication between the mobile terminal 1 and the mobiletelecommunications network 3 (and therefore without requiring receipt ofan OTA message).

The near field tag 41 may be selectively enabled and disabled in orderto reduce the opportunity to obtain information from the near field tag41 by an unauthorised reader.

The following arrangements are useful if the near field tag 41 is to beenabled and disabled for fairly long periods of time:

(1) Personal identification number (PIN) entry—the keypad 37 of themobile terminal 1 is used to enter a PIN (or other secret password) toenable the near field tag 41. The user's PIN may be stored in a securelocation in the mobile terminal 1 or in the SIM 15. When the user enterstheir PIN using the keypad 37, the entered PIN is compared with thestored PIN. If the PINs match, the SIM transmits a message, via link 43,to the near field tag 41 to activate the near field tag. (2) Biometricdata entry—the mobile terminal 1 may incorporate a fingerprint reader45. The fingerprint reader 45 scans the fingerprint of the user when theuser's finger is placed on the reader 45 and compares it to the user'sfingerprint stored in the memory of the mobile terminal 1 or the SIM 15.If the fingerprints are determined to match, the message is sent fromthe SIM 15, via link 43, to the RF tag 41. As an alternative to afingerprint, other biometric data could be used—for example, voicerecognition (using the mobile terminal's built-in microphone and a voicerecognition algorithm within the mobile terminal 1 or SIM card 15) orretinal scanning (using the mobile terminal's built-in camera).

Arrangements (1) and (2) above may advantageously be combined with an RFtag 41 that automatically deactivates after it has been read by areader. That is, the user will activate the RF tag by entering their PINor biometric data prior to bringing the mobile terminal 1 into proximityto the reader. After successful reading of the RF tag 41, the RF tagautomatically disables itself so that no further reading can occurwithout the PIN or biometric data being re-entered. If the mobileterminal 1 is lost or stolen, an unauthorised person cannot use the RFtag 41.

Arrangements (1) and (2) above are fairly inconvenient if a user wishesto activate their RF tag 41 fairly frequently. The followingarrangements may be more convenient when relatively frequent activationof the RF tag 41 is required:

(1) Light sensor—for example a photodiode (a sensor that modifies anelectric current when exposed to a light source) could be built into thecasing of the mobile terminal 1 and act as a switch to activate ordeactivate the RF tag 41. The RF tag 41 is controlled by the photo diodeso that the RF tag 41 is only enabled when the mobile terminal 1 isexposed to light. Therefore, when the mobile terminal 1 was in an opaquecase or the user's pocket, the RF tag 41 will be disabled. Thephotodiode may be sensitive to a particular frequency range—for examplevisible light, infra red or ultra violet. The tag reader may be providedwith a light emitter that emits light at this frequency, in order toactivate the tag. (2) Pressure sensor—a pressure sensor on the casing ofmobile terminal 1 acts as a switch. The RF tag 41 is only enabled whenthe user physically presses the pressure sensor. Therefore, when themobile terminal is in a case or the user's pocket, the pressure sensoris disabled. The pressure sensor may itself be deactivated by the user,for example, when a function of the mobile terminal 1 is selected suchthat the keypad 37 is inoperative. The pressure sensor may be combinedwith the fingerprint scanner 45. The combined sensor detects, not onlythat pressure is applied, but also that an authorised person is pressingthe sensor. Alternatively, the pressure sensor could be combined with anelectrical resistance meter and used to detect that it is a human handpressing the pressure sensor, rather than some other object. (3) Heatsensors—such sensors incorporated in an appropriate position on thecasing of the mobile terminal 1 could be configured to detect that themobile terminal is in a user's hand by detecting the heat from the hand,and only enabling the near field tag 41 when heat from the hand is sodetected. (4) Skin resistance sensor—a skin resistance sensor may beprovided on the casing of the mobile terminal 1 in dependence of thepresence of the pressure sensor described above. The near field tag 41will only be operated when an appropriate resistance, capacitance orinductance is detected, indicating that the user's hand is touching thesensor. (5) Inertial sensors. An inertial sensor incorporated in themobile terminal can be used to detect that the user is moving theterminal (and tag 41) around at a sufficient speed to indicate that itis to be used. Inertial sensors may be based on micro-accelerators,which are commonly used in motion detectors—for example in gaming andvirtual reality/remote control systems.

Arrangements (1) to (5) immediately above activate the radio frequencytag 41 in dependence upon ambient conditions (light, pressure, heat,movement etc.) which change from when the card is being stored to whenthe card is required to be active. Other types of ambient sensors couldbe used and are within the scope of the invention. The arrangements (1)to (5) described above could be combined with an arrangement forautomatically deactivating the near field tag 41 after it has been readonce, or alternatively the tag 41 may deactivate when the ambientconditions change (for example the light/pressure/heat/movement is nolonger applied).

Alternative arrangements for protecting the data associated with thenear field tag 41 are identified below and are useful for single ormultiple RF tags or where the RF tag is not in a user's possession (suchas in tagging systems):

(1) Jamming device—the near field tag 41 and/or the mobile terminal 1 isdesigned to jam/disrupt the low level communications of all other RFtags within range of the jamming device. Instead of following theanti-collision protocol commonly used in near field tag technology, thedevice attempts to create collisions and other forms of interference.The jamming device is disabled, or the near field tag 41 is removed fromproximity of the jamming device, when authorised use of the card isrequired. (2) Round trip detector—to guard against access from RF fieldsthat have been greatly extended, the mobile terminal or near field tag41 has a round trip delay tester (that measures the time taken for asignal to travel from the near field tag 41 to the reader and back tothe tag 41). It sends a test signal when the near field tag 41 is beingread/probed and expects a response within a certain round trip delay. Ifthe response is not received after a predetermined delay, the near fieldtag is disabled either permanently or temporarily. (3) Shielding—a casefor the mobile terminal 1 may have a thin metal plate sewn into thefabric (or otherwise incorporated therein) of the case in order toconveniently shield the near field tag 41.

A mobile terminal 1 may have any of the above arrangements implementedin any combination. For example, a manual entry system and an automaticentry system may be provided, respectively, to enable the card for shortand long periods of use. Alternatively, the arrangements may work inparallel, and the near field tag 41 would be enabled only if the lightsensor was activated and the correct PIN was entered (for example).Further, the arrangements may work in series—for example, the near fieldtag 41 would be enabled if the light sensor was activated and thecorrect PIN was subsequently entered.

In the arrangements described above the tag 41 and the mechanism foractivating/deactivating the near field tag 41 is incorporated into themobile terminal. Alternatively, the mechanism foractivating/deactivating the tag may be incorporated directly into thesmart card or SIM 15 itself. Also, the tag 41 or part of the tag 41 maybe incorporated into the SIM 15.

The principle of controlling operation of a near field tag by means of asmart card or SIM is not restricted to an arrangement where the SIM is,or is always, associated with a mobile terminal 1. For example, the SIMmay be associated with a “dongle” of the type disclosed in WO-A-2004036513.

FIG. 3 shows such a dongle. According to FIG. 3, the dongle 50 has theSIM accommodated completely within its housing 52, and the SIM cannottherefore be seen in the Figure. The dongle 50 has a connector 54 forconnection to a PC. At the opposite end of the casing 52 an optionalloop connector 54 may be provided to provide a convenient means forcarrying the dongle 50 by attaching it to a user's key ring.

One face of the housing 52 has a variety of push buttons 56 mountedthereon, ten of which have respective numerals from 0 to 9 displayedthereon. In this embodiment, the dongle 50 includes means (such assoftware) for receiving the entry of a PIN number from a user byoperating the appropriately designated push buttons 46 which is comparedto the PIN number provided for and stored on the SIM. The SIMs used inthe mobile telecommunications network are conventionally provided withsuch a PIN.

The housing 52 may further optionally provide a display 58 for promptingthe user to enter their PIN number and/or for displaying the PIN numberas it is entered, if desired. On entry of the PIN number using the pushbuttons 56, the entered PIN number is compared to the PIN number storedon the SIM. If the PINS are found to match, communication between theSIM and the PC is permitted to authenticate one or more transactions.The comparison between the entered PIN number and the PIN number storedon the SIM 15 is performed within the dongle 50, and neither the enteredPIN number nor the PIN number stored on the SIM is communicated to thePC. This prevents or reduces the likelihood that the PINS will becomecompromised by disclosure to an authorised party.

To allow entry of the PIN the dongle 50 requires a power supply. Powercan be provided by the PC. Advantageously, the PIN has its own temporarypower supply which allows the PIN to be entered and verified.Subsequently, the power supply is interrupted and the PIN data is lost.This is an additional security feature, and is described in more detailbelow.

The PIN entry comparison arrangement of FIG. 3 may be provided inaddition to or as an alternative to the other security measuresdescribed herein.

The dongle may also incorporate the near field tag 41. The SIM withinthe dongle can only communicate with the mobile telecommunicationsnetwork 3 when it is connected to another device, such as a mobileterminal or a PC that is connected to the mobile telecommunicationsnetwork 3 via the Internet. When this connection between the SIM and themobile telecommunications network 3 occurs, OTA update messages for theSIM can be received and downloaded to the SIM within the dongle. Thecommands within these messages can then be executed by the SIM and usedto control the tag. The commands may activate/deactivate the tagaccording to a timetable or set of events, and the SIM controlsactivation/deactivation of the tag in accordance with these commandseven when the SIM is no longer connected to the mobiletelecommunications network.

In another example, the SIM and the near field tag may be incorporatedin a data card, which allows a notebook computer or other device tocommunicate wirelessly with mobile telecommunications network 3.

FIG. 4A shows a SIM or smart card 100 with an in-built near field tagincluding an inductive antenna 200, and a PIN entry system. Due to thesize of a smart card 100 the PIN entry system consists of a smalldisplay 110 which shows the current number. An “up” and “down” button111 will allow the user to go through the numbers and an “enter” button112 will allow the user to select a number.

FIG. 4B shows another PIN entry system that uses symbols printed onbuttons 113 on the smart card 100 and the user must enter the symbol inthe correct order to activate the tag.

FIG. 5 shows a smart card 100 with an in-built near field tag includingan inductive antenna 200, and a biometric system 120 for reading afinger print. The print is ideally compared to a previously taken printstored in the memory 130 of the smart card 100 or may just be judged ashaving the characteristics of a non-specific fingerprint.

FIG. 6 shows a smart card 100 with an in-built near field tag includingan inductive antenna 200, and photo diode 140 that enable the card whenthe diode 140 is exposed to light. The smart card 100 may contain singleor multiple photo diodes 140. To prevent accidental activation multiplephoto diodes 140 may have to be activated to make the smart card 100enabled.

FIG. 7 shows a smart card 100 with an in-built inductive antenna 200 andpressure sensor 150 that enables the card when the card is being held.To prevent accidental activation multiple pressure sensors 150 may haveto be activated to make the smart card 100 enabled. The card may containmultiple pressure sensors 150 on the same face of the smart card 100 oron the opposite face of the smart card 100. The smart card 100 mayrequire a single hand to operate or two hands to operate.

FIG. 8 shows a smart card 100 with an in-built inductive antenna 200 andan inertial sensor 160 that enables the card when the card is beingwaved around at a sufficient speed.

FIG. 9 shows a wallet/purse 170 with metal shielding 180 that preventsRF signals reaching the smart card 100 held in the wallet/purse 170. Thetag cannot be read while in the wallet/purse 170.

The features described in relation to a SIM in FIGS. 4A to 9 could beapplied to a device incorporating a SIM, such as a mobile terminal,datacard or dongle.

A mobile terminal 1 incorporating a near field tag 41 may incorporateother security features. For example, the mobile terminal (or the SIM)may limit use of the tag. For example, the mobile terminal (or SIM) maymaintain a record of the number of uses of the tag made within apredetermined time period. If the number of uses within thatpredetermined time period exceeds a threshold, further uses may not bepermitted. Alternatively, or additionally, the mobile terminal (or SIM)may provide an indicator that the tag is being used. For example, whenthe tag is being read, the mobile terminal may provide a visualindication (such as showing an icon on its display 34, may generate asound using its built-in loudspeaker or may produce some other physicalindication, such as vibrating. These indicators will alert the user touse of the tag. The user will then be able to assess whether the use ofthe tag is likely to be legitimate or illegitimate.

If shielding is applied to the near field tag, this may advantageouslyshield all reading attempts except those from a predetermined direction.For example, the shielding may be arranged so that the near field tag(or its antenna) must face the reader directly. This could be providedby shielding in the mobile terminal 1 casing or signal jamming createdby the handset. Such shielding will reduce the likelihood that a roguereader transmitting random read requests will be able to successfullyread the tag.

Although the embodiments described use a single near field tag, itshould be understood that multiple near field tags may be incorporatedin a single SIM or mobile terminal. The SIM may control each of thesetags separately in dependence upon OTA update instructions received forthe respective tags.

The invention is applicable to any device that uses RF communication andrelies on close proximity of a reader for its operation.

What is claimed is:
 1. A smart card comprising: a near fieldcommunication device able to transmit over a near field, the smart cardbeing associable with a mobile telecommunications network and configuredto authenticate with the network, wherein when in use, the near fieldcommunication device can be enabled and disabled in response to datareceived by the smart card from the mobile telecommunications network.2. The smart card of claim 1, wherein the near field communicationdevice is selectively enabled to be read by a reader.
 3. The smart cardof claim 1, wherein the near filed communication device is automaticallydisabled after being read by a reader.
 4. The smart card of claim 1,wherein the data received by the smart card from the mobiletelecommunications network comprises location data and the near fieldcommunication device is enabled and disabled by the smart card independence upon the location data.
 5. The smart card of claim 4, whereinthe location data is specific to a first cell such that the smart cardenables the near field communication device upon entering the first celland disables the near field communication device upon leaving the firstcell and entering a second cell.
 6. The smart card of claim 1, whereinthe near field communication device is enabled and disabled by the smartcard in dependence upon authentication of the smart card with the mobiletelecommunications network.
 7. The smart card of claim 1, wherein thedata received by the smart card from the mobile telecommunicationsnetwork represent time values and the near field communication device isenabled and disabled by the smart card in dependence upon the timevalues.
 8. The smart card of claim 7, wherein the time values specify apredetermined time period of the day, the near field communicationdevice being enabled at the beginning of the predetermined time periodand being disabled at the end of the predetermined time period.
 9. Thesmart card of claim 8, wherein the time values are set by a user of theuser of the smart card.
 10. The smart card of claim 9, wherein the userinitiates a communication session with the mobile telecommunicationsnetwork to set the time values.
 11. The smart card of claim 9, whereinthe user sets the time values by providing verbal instructions to anoperator of the mobile telecommunications network or by visiting awebsite of the operator of the mobile telecommunications network. 12.The smart card of claim 1, wherein predetermined authenticationinformation respective to a user is stored on the smart card, the smartcard being registered with the mobile telecommunications network, whichincludes means for authenticating.
 13. The smart card of claim 1,wherein the data received by the smart card from the mobiletelecommunications network represent authentication data and the nearfield communication device is enabled and disabled by the smart card independence upon the authentication data.
 14. The smart card of claim 13,wherein the near field communication device is enabled as long as thesmart card is authenticated by the mobile telecommunications network andis disabled when the smart card is no longer authenticated by the mobiletelecommunications network.
 15. The smart card of claim 13, wherein theauthentication data comprises an authentication process and anauthentication key.
 16. The smart card of claim 1, wherein the smartcard is associated with means for comparing an entered PersonalIdentification Number (PIN) with a stored PIN and the transmissionability of the near field communication device is selectively enabled bythe smart card only when the respective PINs match.
 17. The smart cardof claim 1, wherein the smart card comprises a SIM.
 18. The smart cardof claim 1, wherein the data is for programming the smart card.
 19. Thesmart card of claim 1, wherein the data comprise over-the-air updatingmessages.
 20. The smart card of claim 1, wherein the data comprise SMSmessages.